Posted
by
Soulskill
on Sunday October 28, 2012 @07:20AM
from the don't-we-all dept.

danomac writes "Police agencies in Canada want to have better tools to do online surveillance. Bill C-30 was to include new legislation (specifically Section 34) that would give police access to information without a warrant. This can contain your name, your IP address, and your mobile phone number. This, of course, creates all sorts of issues with privacy online. The police themselves say they have concerns with Section 34. Apparently, the way it is worded, it is not just police that can request the information, but any government agent. Would you trust the government with this kind of power?"

As somebody who grew up in Germany, I have seen ample historic precedent where this kind of snooping leads. Either fight it now or explain to your children in a decade or two why you did not prevent a surveillance state, where there is no free speech and no tolerated dissent.

What we need is Wikileaks to reveal whose really behind it and why. Like the Swedish prosecution of Pirate Bay, where torrent tracking is equated to copyright infringement is equated to a criminal act. Wikileaks revealed this was a demand from the US during secret discussions on laws that would be passed. Interesting the discussion was between the Swedish govt and the US govt and didn't include Swedish people:

"The secret cables, seen by The Daily Telegraph, disclose how Swedish officials wanted discussions about anti-terrorism operations kept from public scrutiny.....Making the arrangement formal would result in the need for it to be disclosed to Parliament, they said. "

Wow, the Swedish government had closer links to the Bush government (this was 2008) than it does to the Swedish Parliament.

I was very surprised when the story of the illegal raid on TPB and the international corruption that led to it broke. I regarded Sweden as one of the pinnacles of democracy in the world and now that image was shattered forever. I now have absolutely no doubt that the rape charges against Assange are pure fiction and that strange things would happen if the Swedish police got their hands on Assange; maybe he would 'disappear' or something similar - I would not trust the Swedish government one bit anymore.

Interesting, watching Naomi Wolf talk about how the Stasi actually only had 10% of the people under surveillance, and it was the fear of being watched that kept people from rising up. With all the new computer technology, states about to flip over to dictatorship can watch *everyone* all the time.

http://www.youtube.com/watch?v=RjALf12PAWc

It's well worth watching that video. The odd thing is that if you 'like' it,

In the UK we had Jacqui Smith, who wanted to index everything you did on the Internet ready for searching by the police in very similar ways. She was voted out at the next election along with her party.

Good riddance.

98% of the population DO give a fuck. You just have to make a loud enough noise so people are made aware of what they're up to.

Canadian citizens want to police. While we're at it, we also want new politicians.

These ass-clowns just don't get it that while laws that enable them to use new technologies are reasonable, laws that bypass established due process aren't. I don't care that computers allow much more efficient investi-trolling. You still get a warrant, or you don't get the data, in my world. Anything else - C-30 or not - is illegal to me and puts the government and police in an adversarial position relative to their constituents.

"It sound like some people I know who "Keep getting all these virus things no matter what I do!""

Remember the Sony BMG root kit?Remember how no Antivirus detected it? Not even Anti root kit scanners?Remember how only one tool initially detected it?

Now consider for a moment how many other government software/firmware moles/rootkits may be lingering within millions of people's proprietary systems (hardware/software-OS).

Wikileaks published a lot of information on companies willingly selling rootkits to governments and organizations. And do I really need to bring up HBGary?

So many fools using multiple proprietary scanners on their systems, the makers of which could all be in bed with big bro, the programs and/or updates could contain rootkits, and seriously, what the fsck is up with Microsoft and Flash both having so many remote exploits being patched all of the time?

The very products you trust, imo, could be the very e-poison from which you e-drink from.

To this day I laugh inside when twits tell me their system is "clean" because they scanned it with several proprietary tools.

Face it, even on Linux the quality of the root kit scanners are piss poor. You have to boot into a separate environment (like Remnux) to evaluate the malware, but most people won't do it, they'll wipe and reinstall and rely only on signatures which can be compromised. And when they find out they have an APT which continues to reinfect their computer(s)? Would they be intelligent enough to consider a firmware (PCI/BIOS) infection which survives hard drive wipes? Do they also have infected thumb drives laying around they plug into other computers around home and/or friends/family/work?

Chkrootkit has a function to list the strings of binaries, but it's up to you to determine whether or not the content of the strings are malicious. I've tried several root kit scanners on Linux and all of them are, imo, crippled pieces of trash. The crowd will yell back at you, "But most of these require root to exploit!" No, not at all, there are hundreds of ways to exploit a Linux box, many not requiring root, but a particular program/version. I won't even bite down on the subject of ways to subvert package managers. Heck, how many Linux repositories use SSL? SSH? Torrents with established "good" check sums for thousands of packages?

And I've not mentioned Flash and Adobe Reader for Linux and the past problems with those... and the NVidia driver for Linux, had in the past, one or two severe security issues whereby a remote exploit could take over the system! (Google it. The news of one exploit was in 2006.)

Our proprietary hardware and software are both at risk, and likely subverted world wide on millions of computers by governments and select organizations. The fact it takes years until a researcher trips over a particular piece of malware which none of the antivirus companies are detecting is inexcusable.

Were I head of a commercially developed antimalware company, I'd develop a website similar to Virus Total, but instead of the users uploading single files one by one, I'd give them a FOSS program which checked every part of their hardware, embedded and manually inserted, checksum the firmware (of all media drives, graphics cards, anything with firmware) and BIOS and tear apart the results, funneling them into separate result pages, each result for each component going to its own page for comparative results, rather than building a profile on one user's system. I would offer the users the option of publishing a one page result for their unique computer, but it would be opt-in only. Yes, checksum the firmware, including the router, and demand companies publish checksums and use GPG to sign their firmware, all of this information would go to the site as described. A massive database of important, but anonymously pulled and published information.

It's just going to get worse.

On the side, I've been saying to myself for years, IMO, "When Microsoft finally starts to show signs of

..they'll need that because kids taking pictures in malls will figure out how to auto-upload their pics on Dropbox. Ergo, they need to have more internet powers to stop such a heinous abuse of freedom.

This law comes up for debate about once every year or two and, to date, Canadians keep shouting it down. Hopefully people up here continue to do so. I'm fine with the RCMP having access to this information with a warrant, but warrantless access by anyone is a bad idea.

As the comments of the linked article suggest, there is no reason police can't get a warrant.

Of course that would entail some pillow talk...I mean probable cause arguments to a judge, I suppose. If even this tiny bit of protection is to be stripped away then all hope is truly lost for our free society.

The police are still pissed off that the Government basically scrapped Bill C-30 after a national outcry about it. It seems that we Canadians just did not like the idea of warrantless wire taps and that the government wanted to gain access to all our internet data stored by our ISP, again with out a warrant, and without even requiring those getting the data to be law enforcement officials. .

How many times do police or copyright enforcers quit the first time they get thrown out by a court or spanked by public opinion? At most they shut up till the noise quiets down and then come back with a renamed bill a bit later... That's extra-true for you in Canada, because the US police and copyright mafias want laws like that pushed in the US, and it's easier to do that if they get Canada to do it first so they can point to what a fine example our neighbors to the north are providing, so they're alway

They can get a warrant very easily. Why do they want the power to go around that? If you have followed the HUGE outcry against C-30 you would also know that there will be no paper trail behind these requests either and politicians would also be allowed to make such requests. The current Canadian federal government is corrupt and shady and Canadians have already made it abundantly clear that we do not want this bill to pass.

I don't mind them having better tools, as long as it doesn't usurp due process. Power corrupts, and absolute power corrupts absolutely. That is why there are checks and balances, and they MUST be kept. If there is a good reason for needing the information, then getting a warrant should not be a problem.

The ability to breach your privacy is a privilege granted to law enforcement for the purpose of fighting crime, but it is a privilege. The use of that privilege has to have just cause, which is what the whole warrant system is supposed to check.

The UK already has a problem with warrantless intercept based on a combination of RIPA 2000 and the magic word "terrorist", and from what I hear it is abused with gay abandon. Don't go there..

Definitely, somebody had to say it first, glad it was you and not me. But yes, you'll start seeing Rule 34 sites for IP addresses with webcams and mobile phones that can have the cameras turned on, based on Section 34 data collection.

No. Privacy is a right (even the UN thinks so) and I will say no as many times as I have to. I believe Bill C-30 is more than a threat to privacy though, it is a threat to Canada's democracy. Strong crypto must be allowed for a digital democracy.

Most services already have an option (if not a default) to use encrypted communication. If privacy is further restricted, advocates will encourage hard drive (or at least personal folder) encryption to be used by default.

The next logical step would be to make use of cryptography illegal, but then it reaches the point where the majority of the population is breaking the law routinely. When the law has turned the majority of the population into criminals, it becomes unenforceable and completely toothless.

The problem with cryptography (at least HTTPS) is that you can still tell which website they visited, when, and for how long. This alone can be used to create a fairly good picture of a person's habits, tendencies and personal preferences. Also keep in mind that with HTTPS you cannot server multiple websites from the same IP (and the IP is not encrypted for obvious reasons), so there is no mistaking which website (or subdomain of that website for that matter) the user is visiting.

You could always combine the use of HTTPS with TOR, to further obscure the source. It won't provide absolute protection, but it will substantially up the ante on tracking the communications back to the source. If a militant and closed government like Iran cannot shut down TOR, how much less can an open and democratic one like Canada? It should also be noted by those everywhere who love privacy and wish to see it preserved that running TOR exit nodes is a public service and strikes a blow against oppressive

Also keep in mind that with HTTPS you cannot server multiple websites from the same IP (and the IP is not encrypted for obvious reasons), so there is no mistaking which website (or subdomain of that website for that matter) the user is visiting.

You're wrong there. Multidomain certificates just cost more and are a little more complicated to create. (They also have to either list the domains that they are for or the super-domain, depending on exactly which type of certificate they are.)

The next logical step would be to make use of cryptography illegal, but then it reaches the point where the majority of the population is breaking the law routinely. When the law has turned the majority of the population into criminals, it becomes unenforceable and completely toothless.

I don't think they will try to make encryption illegal, they would simply make not disclosing the key to the authorities illegal. That's how it is in the UK right now, for example. Which, of course, also makes both forgetting your key and storing random data illegal...

The main caveat here is that any hardware which has been outside of your custody even once must never be trusted again, but that's a small price to pay compared with the alternatives. The government can still get to you if they want you bad enough, but it's much more likely that small fish will escape the net and get lost in the noise. As long as the story remains plausible, nobody's going to ask too many questions of the average citizen.

BC's biggest incompetent ass, usually about the time he starts squawking over something it's because something really bad has happened and he's trying to deflect attention to something else. Apparently Jim would like to remove R&PG(reasonable and probable grounds), as well. Well for those that don't know most police chiefs in Canada were once cops turned politicians. If you want to know how things actually work here, you look at staff sgts and below, sometimes inspectors. It gets messy though, becau

...the internet is based on open protocols. They can look up the specs, read the descriptions of the protocols, write test software, and write software all day long to support their needs. I think we should encourage all police state advocates to write their own software. Unless they have more important things to do, like stop burglars, capture pickpockets, etc. It's Canada after all, not exactly a major site for the burgeoning drug war the US is hemorrhaging money into.